Install-FromManifest: add FileVersion detection for version-pinned upgrades

File-existence detection on NTLARS.exe couldn't tell eDNC 6.4.3 from 6.4.4 (both installers leave the same binary in place), so the enforcer skipped upgrades. FileVersion compares the vendor-stamped FileVersion field on a named binary against the manifest's DetectionValue with exact-string match. Added to all three lib copies (common, Standard, CMM). Standard manifest template flipped to FileVersion against DncMain.exe -- the eDNC main binary is more reliably version-stamped than the bundled NTLARS sub-tool. Update workflow now: drop the new vendor MSI on the SFLD share, bump Installer + DetectionValue in machineapps-manifest.json, next user logon runs Machine-Enforce which detects mismatch and installs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 16:15:32 -04:00
parent a6648c5a40
commit 8528a1bcae
4 changed files with 54 additions and 3 deletions
--- a/playbook/shopfloor-setup/common/lib/Install-FromManifest.ps1
+++ b/playbook/shopfloor-setup/common/lib/Install-FromManifest.ps1
@@ -111,6 +111,23 @@ function Test-AppInstalled {
            "File" {
                return Test-Path $App.DetectionPath
            }
+            "FileVersion" {
+                # Compare a file's VersionInfo.FileVersion against the
+                # manifest's expected value. Used for version-pinned MSI/EXE
+                # installs where existence alone doesn't tell you whether
+                # the right release is on disk (e.g. eDNC 6.4.3 vs 6.4.4
+                # both leave NTLARS.exe in the same path). Exact string
+                # match - the manifest must carry the exact version the
+                # vendor stamps into the binary.
+                if (-not (Test-Path $App.DetectionPath)) { return $false }
+                if (-not $App.DetectionValue) {
+                    Write-InstallLog "  FileVersion detection requires DetectionValue - treating as not installed" "WARN"
+                    return $false
+                }
+                $actual = (Get-Item $App.DetectionPath -ErrorAction Stop).VersionInfo.FileVersion
+                if (-not $actual) { return $false }
+                return ($actual -eq $App.DetectionValue)
+            }
            "Hash" {
                # Compare SHA256 of the on-disk file against the manifest's
                # expected value. Used for content-versioned files that do not